Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

concealment writes with news that VISA and MasterCard have been warning banks of an incident at a U.S. card processor that may have compromised as many as 10 million credit card numbers. From the article:
"Neither VISA nor MasterCard have said which U.S.-based processor was the source of the breach. But affected banks are now starting to analyze transaction data on the compromised cards, in hopes of finding a common point of purchase. Sources at two different major financial institutions said the transactions that most of the cards they analyzed seem to have in common are that they were used in parking garages in and around the New York City area."
According to the Wall Street Journal, the breached company is Global Payments Inc.

...I wanted to know who had the breach, so I could avoid ever giving them business that wasnt cash based, but they would not tell me. That part pisses me off. There needs to be an awareness as to which vendors dont find it worth their time to protect me , so I can make a decision to not use them.

I don't know if you can believe the story, but if the breach occured with a credit card processor and not the retailer. The Credit card processor is the retailer's vendor (e.g., the company that the retailer contracts with to process credit card batches). This vendor relationship is not unlike the company that the retailer buys paperclips from, or the company that processes their payroll. Credit card processing is a highly competitive industry. Some retailers will often switch processors every few years when competing companies offer promotions with lower merchant fees (the fees/percentage that they charge the retailer for processing a credit card transaction).

Even if you had been told what retailer the fraudulent charges were made at, since there are so many credit card processing companies, it's quite likely that the retailer didn't use the same processing company. Additionally, because of credit card merchant contracts, retailers are supposed to follow certain "merchant" rules (e..g, no minimum*** or maximum purchase amounts, no steering to different forms of payment, not allowed to require ID, etc, etc). So even if the retailer wanted to be more careful when trying to accept this apparently frauduant card transaction, they probably aren't allowed by contract to be as paranoid as you apparently want them to be...

So feel free to throw the baby out with the bath water, but it's might be just as likely that the retailer you want to disown actually helped the credit card company identify the fraudulent transaction before it appeared on your credit card statement. If that were the case, perhaps you should be thinking about thanking them, before you disown them?

*** As of part of the Dodd-Frank wall street reform act of 2010, retailers are now allowed by law to imposed a minimum transaction amount up to $10 (this law supercedes the language in the contracts in place with the credit card companies)